Workshop on Security and Human Behaviour (SHB 2010)
June 28-29, Cambridge - Working papers
The workshop will be held in in the
Computer Laboratory, University of
Cambridge. It is sponsored by Microsoft Research, Thales, Google, Juniper and HP Labs.
This is the third SHB. Here is the programme.
Here are links to the liveblog, papers and audio
recordings for the workshops we held in 2009 and 2008.
As we prepare for the workshop, I'll be adding to each attendee's name one or
two links to papers that they might like others to look at in advance. Email me
your contributions!
Ross.Anderson at cl.cam.ac.uk
Alessandro Acquisti, CMU:
What
Can Behavioral Economics Teach Us About Privacy?; Privacy
in Electronic Commerce and the Economics of Immediate Gratification
John Adams, UCL: Quis
custodiet ipsos custodes?
Ross Anderson, Cambridge:
book chapters on psychology and terror; It's the Anthropology, Stupid
Scott Atran, John Jay College, CNRS and
University of Michigan: Talking to the Enemy; Q&A in Cultural Heritage &
Arts Review
Michelle Baddeley: Herding,
social influence and economic decision-making: socio-psychological and
neuroscientific analyses
Matt Blaze, UPenn; Toward a broader
view of security protocols
Caspar
Bowden, Microsoft
Joe Bonneau, Cambridge: The
password thicket: technical and market failures in human
authentication on the web; The
Privacy Jungle: On the Market for Privacy in Social Networks
Pam Briggs, Northumberland; Biometric
daemons: authentication via electronic pets
Bill Burns,
Decision Research: The
Diffusion of Fear: Modeling Community Response to a Terrorist Strike
Jon Callas
Jean Camp, Indiana: How Safe is Safe
Enough: The Online Version
Luke Church, Cambridge
Dave
Clark, MIT: A social
embedding of network security - Trust, constraint, power and control
Chris Cocking,
London Met: Effects of
social identity on responses to emergency mass evacuation
Dylan Evans, UCC; online risk intelligence test
Mark Frank, Buffalo;
Human Behaviour and
Deception Detection
Frank Furedi, Kent; Precautionary culture and the rise of possibilistic risk
assessment
Rachel Greenstadt, Drexel: Learning to Extract Quality Discourse in Online
Communities
Cormac
Herley, Microsoft: So Long And No Thanks; Where Do Security Policies Come From
Chris Hoofnagle, UC Berkeley:
Internalizing
Identity Theft; Identity Theft:
Making the Unknowns Known
Benjamin Jakobus, Cork
Lukasz Jedrzejczyk, Open
University; I
Know What You Did Last Summer: risks of location data leakage in mobile and
social computing
Petter Johansson,
Lund: Failure to Detect Mismatches between Intention and
Outcome in a Simple Decision Task
Jeff
Hancock, Cornell: On Lying and
Being Lied To: A Linguistic Analysis of Deception in Computer-Mediated
Communication; Separating Fact
From Fiction: An Examination of Deceptive Self-Presentation in Online
Dating Profiles
Nick Humphrey, Cambridge
Brian LaMacchia, Microsoft
Ben Laurie, Google
Stephen Lea, Exeter: The Psychology of Scams - Provoking and Committing Errors of Judgment
Mark
Levine, Lancaster: Intra-group
Regulation of Violence: Bystanders and the (De)-escalation of Violence
Ragnar
Löfstedt, King's College London: Risk communication and
management in the twenty-first century
Tyler Moore, Harvard: Would
a 'Cyber Warrior' Protect Us? Exploring Trade-offs Between Attack and
Defense of Information Systems; The Consequences of
Non-Cooperation in the Fight Against Phishing; Information
Security Economics - and Beyond
John Mueller, Ohio
State: Hardly Existential: Thinking Rationally About
Terrorism
Bashar Nuseibeh, Open
University: A
Multi-Pronged Empirical Approach to Mobile Privacy Investigation; Security
Requirements Engineering: A Framework for Representation and Analysis
Andrew Odlyzko, University
of Minnesota: Providing security
with insecure systems, Economics,
psychology, and sociology of security
Christof Paar,
Bochum
Andrew Patrick, Privacy
Commission Canada: Ecological
Validity in Studies of Security and Human Behaviour
Sandra Petronio, IUPUI: Regulating the
Privacy of Confidentiality
Rob Reeder, Microsoft: 1 + 1 =
You; I'm allowing
what?
Peter Robinson, Cambridge: Mind-reading
Machines
Mike Roe, Microsoft
Martin
Sadler, HP Labs
Angela Sasse, UCL: Not seeing the crime for thecameras?; The True Cost of Unusable Password Policies
Bruce Schneier, Counterpane: Worst-Case Thinking Makes Us Nuts,
Not Safe; Google And
Facebook's Privacy Illusion; Our Reaction Is the Real Security
Failure
Wolfram
Schultz, Cambridge: Risk-dependent
reward value signal in human prefrontal cortex
Frank Stajano,
Cambridge and Google: Understanding
scam victims: seven principles for systems security; It's
the Anthropology, Stupid
Martin Taylor, magician
Terence Taylor, ICLS:
Darwinian Security; Natural Security (A
Darwinian Approach to a Dangerous World)
Nicko van Someren, Juniper Networks
Rick Wash, Michigan State: Folkmodels of computer security
Hayley Watson, Kent: Citizen Journalism &
Public Opinion
Alma Whitten, Google: Why
Johnny can't encrypt: A usability evaluation of PGP 5.0
Jeff Yan, Newcastle:
Security and usability of
CAPTCHAs; The
memorability and security of passwords – some empirical results
Accommodation: we have a block of rooms at Robinson College which you can book
here. You'll need
a booking code which we give people who're registered for the workshop.
Registration: you can register for the workshop here. Since the workshop is invitational and numbers are limited, you
also need a booking code to register. If you want to be invited, please contact
Ross Anderson, Bruce Schneier or Alessandro Acquisti.